[Touch-packages] [Bug 1686544] Re: sudo fails to retrieve groups in sudoUser
sudoUser=%#gid is a known bug in sssd https://pagure.io/SSSD/sssd/issue/1678 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1686544 Title: sudo fails to retrieve groups in sudoUser Status in sudo package in Ubuntu: New Bug description: Currently using sudo with sssd 1.13.4 on xenial to manage sudo rules, groups are not resolved since last update. I troubleshooted : - sudo with all@debug - sssd with [sudo] debug_level = 9 and [domain/domain.tld] debug_level = 9 - LDAP requests are correctly sent, and I can obtain correct rules - SSSD cache is correctly stored too, I can successfully ldbsearch into! I had to downgrade sudo (1.8.16-0ubuntu1.3) xenial to sudo (1.8.16-0ubuntu1) xenial, to get my groups working again. I tried sudo 1.8.19, with no luck. Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1: sudoCommand: /bin/mount sudoHost: ALL sudoUser: ALL Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1: sudoCommand: /bin/mount sudoHost: ALL sudoUser: #uid Broken since 1.8.16-0ubuntu1.3: sudoCommand: /bin/mount sudoHost: ALL sudoUser: %mygroup Broken in 1.8.16-0ubuntu1.3: sudoCommand: /bin/mount sudoHost: ALL sudoUser: myuser Patch sssd-doesnt-handle-netgroups.diff seems to break something... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1686544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1686544] Re: sudo fails to retrieve groups in sudoUser
In the link posted above, the OP solves the problem by adding objectClass: posixgroup to his groups. In my case, they already are "posix-ified". But, I finally made my sudorules to work by turning use_fully_qualified_names = False. Summary: use_fully_qualified_names = True + sudo 1.8.16-0ubuntu1 => OK use_fully_qualified_names = True + sudo 1.8.16-0ubuntu1.3 => NOK use_fully_qualified_names = False + sudo 1.8.16-0ubuntu1.3 => OK Remaining problems: sudoUser=%#gid is not retrieved -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1686544 Title: sudo fails to retrieve groups in sudoUser Status in sudo package in Ubuntu: New Bug description: Currently using sudo with sssd 1.13.4 on xenial to manage sudo rules, groups are not resolved since last update. I troubleshooted : - sudo with all@debug - sssd with [sudo] debug_level = 9 and [domain/domain.tld] debug_level = 9 - LDAP requests are correctly sent, and I can obtain correct rules - SSSD cache is correctly stored too, I can successfully ldbsearch into! I had to downgrade sudo (1.8.16-0ubuntu1.3) xenial to sudo (1.8.16-0ubuntu1) xenial, to get my groups working again. I tried sudo 1.8.19, with no luck. Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1: sudoCommand: /bin/mount sudoHost: ALL sudoUser: ALL Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1: sudoCommand: /bin/mount sudoHost: ALL sudoUser: #uid Broken since 1.8.16-0ubuntu1.3: sudoCommand: /bin/mount sudoHost: ALL sudoUser: %mygroup Broken in 1.8.16-0ubuntu1.3: sudoCommand: /bin/mount sudoHost: ALL sudoUser: myuser Patch sssd-doesnt-handle-netgroups.diff seems to break something... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1686544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1686544] Re: sudo fails to retrieve groups in sudoUser
reported here too : https://www.redhat.com/archives/freeipa- users/2017-May/msg00033.html -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1686544 Title: sudo fails to retrieve groups in sudoUser Status in sudo package in Ubuntu: New Bug description: Currently using sudo with sssd 1.13.4 on xenial to manage sudo rules, groups are not resolved since last update. I troubleshooted : - sudo with all@debug - sssd with [sudo] debug_level = 9 and [domain/domain.tld] debug_level = 9 - LDAP requests are correctly sent, and I can obtain correct rules - SSSD cache is correctly stored too, I can successfully ldbsearch into! I had to downgrade sudo (1.8.16-0ubuntu1.3) xenial to sudo (1.8.16-0ubuntu1) xenial, to get my groups working again. I tried sudo 1.8.19, with no luck. Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1: sudoCommand: /bin/mount sudoHost: ALL sudoUser: ALL Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1: sudoCommand: /bin/mount sudoHost: ALL sudoUser: #uid Broken since 1.8.16-0ubuntu1.3: sudoCommand: /bin/mount sudoHost: ALL sudoUser: %mygroup Broken in 1.8.16-0ubuntu1.3: sudoCommand: /bin/mount sudoHost: ALL sudoUser: myuser Patch sssd-doesnt-handle-netgroups.diff seems to break something... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1686544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1686544] [NEW] sudo fails to retrieve groups in sudoUser
Public bug reported: Currently using sudo with sssd 1.13.4 on xenial to manage sudo rules, groups are not resolved since last update. I troubleshooted : - sudo with all@debug - sssd with [sudo] debug_level = 9 and [domain/domain.tld] debug_level = 9 - LDAP requests are correctly sent, and I can obtain correct rules - SSSD cache is correctly stored too, I can successfully ldbsearch into! I had to downgrade sudo (1.8.16-0ubuntu1.3) xenial to sudo (1.8.16-0ubuntu1) xenial, to get my groups working again. I tried sudo 1.8.19, with no luck. Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1: sudoCommand: /bin/mount sudoHost: ALL sudoUser: ALL Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1: sudoCommand: /bin/mount sudoHost: ALL sudoUser: #uid Broken since 1.8.16-0ubuntu1.3: sudoCommand: /bin/mount sudoHost: ALL sudoUser: %mygroup Broken in 1.8.16-0ubuntu1.3: sudoCommand: /bin/mount sudoHost: ALL sudoUser: myuser Patch sssd-doesnt-handle-netgroups.diff seems to break something... ** Affects: sudo (Ubuntu) Importance: Undecided Status: New ** Attachment added: "sssd.conf" https://bugs.launchpad.net/bugs/1686544/+attachment/4868405/+files/sssd.conf -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1686544 Title: sudo fails to retrieve groups in sudoUser Status in sudo package in Ubuntu: New Bug description: Currently using sudo with sssd 1.13.4 on xenial to manage sudo rules, groups are not resolved since last update. I troubleshooted : - sudo with all@debug - sssd with [sudo] debug_level = 9 and [domain/domain.tld] debug_level = 9 - LDAP requests are correctly sent, and I can obtain correct rules - SSSD cache is correctly stored too, I can successfully ldbsearch into! I had to downgrade sudo (1.8.16-0ubuntu1.3) xenial to sudo (1.8.16-0ubuntu1) xenial, to get my groups working again. I tried sudo 1.8.19, with no luck. Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1: sudoCommand: /bin/mount sudoHost: ALL sudoUser: ALL Working in 1.8.16-0ubuntu1.3 and 1.8.16-0ubuntu1: sudoCommand: /bin/mount sudoHost: ALL sudoUser: #uid Broken since 1.8.16-0ubuntu1.3: sudoCommand: /bin/mount sudoHost: ALL sudoUser: %mygroup Broken in 1.8.16-0ubuntu1.3: sudoCommand: /bin/mount sudoHost: ALL sudoUser: myuser Patch sssd-doesnt-handle-netgroups.diff seems to break something... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1686544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp